CCSK cloud

1. CCSK
2. COURSE
3. 1: Architecture
4. ?
5. NIST Definitions
6. ?
7. Essential Characteristics
8. ?
9. Service Models
10. ?
11. Deployment Models
12. ?
13. Multi-Tenancy
14. ?
15. CSA Cloud Reference Model
16. ?
17. Jericho Cloud Cube Model
18. ?
19. Cloud Security Reference Model
20. ?
21. Cloud Service Brokers
22. ?
23. Service Level Agreements
24. 2: Governance and Enterprise Risk Management
25. ?
26. Contractual Security Requirements
27. ?
28. Enterprise and Information Risk Management
29. ?
30. Third Party Management Recommendations
31. ?
32. Supply chain examination
33. ?
34. Use of Cost Savings for Cloud
35. 3: Legal Issues: Contracts and Electronic Discovery
36. ?
37. Consideration of cloud-related issues in three dimensions
38. ?
39. eDiscovery considerations
40. ?
41. Jurisdictions and data locations
42. ?
43. Liability for activities of subcontractors
44. ?
45. Due diligence responsibility
46. ?
47. Federal Rules of Civil Procedure and electronically stored
48. information
49. ?
50. Metadata
51. ?
52. Litigation hold
53. 4: Compliance and Audit Management
54. ?
55. Definition of Compliance
56. ?
57. Right to audit
58. ?
59. Compliance impact on cloud contracts
60. ?
61. Audit scope and compliance scope
62. ?
63. Compliance analysis requirements
64. ?
65. Auditor requirements
66. 5: Information Management and Data Security
67. ?
68. Six phases of the Data Security Lifecycle and their key ele
69. -
70. ments
71. ?
72. Volume storage
73. ?
74. Object storage
75. ?
76. Logical vs physical locations of data
77. ?
78. Three valid options for protecting data
79. ?
80. Data Loss Prevention
81. ?
82. Detection Data Migration to the Cloud
83. ?
84. Encryption in IaaS, PaaS & SaaS
85. ?
86. Database Activity Monitoring and File Activity Monitoring
87. ?
88. Data Backup
89. ?
90. Data Dispersion
91. ?
92. Data Fragmentation
93. 6: Interoperability and Portability
94. ?
95. Definitions of Portability and Interoperability
96. ?
97. Virtualization impacts on Portability and Interoperability
98. ?
99. SAML and WS-Security
100. ?
101. Size of Data Sets
102. ?
103. Lock-In considerations by IaaS, PaaS & SaaS delivery models
104. ?
105. Mitigating hardware compatibility issues
106. 7: Traditional Security, Business Continuity, and Disaster
107. Recovery
108. ?
109. Four D’s of perimeter security
110. ?
111. Cloud backup and disaster recovery services
112. ?
113. Customer due diligence related to BCM/DR
114. ?
115. Business Continuity Management/Disaster Recovery due
116. diligence
117. ?
118. Restoration Plan
119. ?
120. Physical location of cloud provider
121. 8: Data Center Operations
122. ?
123. Relation to Cloud Controls Matrix
124. ?
125. Queries run by data center operators
126. ?
127. Technical aspects of a Provider’s data center operations for
128. customers
129. ?
130. Logging and report generation in multi-site clouds
131. 9: Incident Response
132. ?
133. Factor allowing for more efficient and effective containment
134. and recovery in a cloud
135. ?
136. Main data source for detection and analysis of an incident
137. ?
138. Investigating and containing an incident in an Infrastructure
139. as a Service environment
140. ?
141. Reducing the occurrence of application level incidents
142. ?
143. How often should incident response testing occur
144. ?
145. Offline analysis of potential incidents
146.  
147. 10: Application Security
148. ?
149. Identity, entitlement, and access management (IdEA)
150. ?
151. SDLC impact and implications
152. ?
153. Differences in S-P-I models
154. ?
155. Consideration when performing a remote vulnerability test of a cloud-based application
156. ?
157. Categories of security monitoring for applications
158. ?
159. Entitlement matrix
160. 11: Encryption and Key Management
161. ?
162. Adequate encryption protection of data in the cloud
163. ?
164. Key management best practices, location of keys, keys per user
165. ?
166. Relationship to tokenization, masking, anonymization and cloud database controls
167. 12: Identity, Entitlement, and Access Management
168. ?
169. Relationship between identities and attributes
170. ?
171. Identity Federation
172. ?
173. Relationship between Policy Decision Point (PDP) and Policy Enforcement Point (PEP)
174. ?
175. SAML and WS-Federation
176. ?
177. Provisioning and authoritative sources
178. 13: Virtualization
179. ?
180. Security concerns for hypervisor architecture
181. ?
182. VM guest hardening, blind spots, VM Sprawl, data comingling, instant-on gaps
183. ?
184. In-Motion VM characteristics that can create a serious complexity for audits
185. ?
186. How can virtual machine communications bypass network security controls
187. ?
188. VM attack surfaces
189. ?
190. Compartmentalization of VMs
191. 14: Security as a Service
192. ?
193. 10 categories
194. ?
195. Barriers to developing full confidence in security as a service (SECaaS)
196. ?
197. Deployment of Security as a Service in a regulated industry prior SLA
198. ?
199. Logging and reporting implications
200. ?
201. How can web security as a service be deployed
202. ?
203. What measures do Security as a Service providers take to earn the trust of their customers
204. ?
205. ENISA Cloud Computing: Benefits, Risks and Recommendations for Information Security
206. ?
207. Isolation failure
208. ?
209. Economic Denial of Service
210. ?
211. Licensing Risks
212. ?
213. VM hopping
214. ?
215. Five key legal issues common across all scenarios
216. ?
217. Top security risks in ENISA research
218. ?
219. OVF
220. ?
221. Underlying vulnerability in Loss of Governance
222. ?
223. User provisioning vulnerability
224. ?
225. Risk concerns of a cloud provider being acquired
226. ?
227. Security benefits of cloud